Empirical Security 101 |
Wed 09/25 |
Administrivia
Slides
|
|
[Assigned] Research project
|
Mon 09/30 |
Empirical Security
Slides
|
- [Optional] SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit.
(Slides|Video)
|
|
Wed 10/02 |
Measurement + Ethics
Slides
|
- [Optional] Strategies for Sound Internet Measurement.
- [Optional] ZMap: Fast Internet-wide Scanning and Its Security Applications.
(Slides|Video)
- [Optional] Dos and Don'ts of Machine Learning in Computer Security.
(Slides|Video)
- [Optional] Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations.
(Slides|Video)
|
[Deadline] Presentation signup Due 10/02 at 9PM PDT (UTC-7)
[Deadline] Submit Project Team Due 10/04 at 9PM PDT (UTC-7)
|
Mon 10/07 |
Security
Slides
|
- [Optional] Perspectives on Security.
- [Optional] Reflections on Trusting Trust.
- [Optional] Running the "Reflections on Trusting Trust" Compiler.
|
|
Internet Security |
Wed 10/09 |
Web Tracking
|
- Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016.
(Slides|Video)
- XRay: Enhancing the Web’s Transparency with Differential Correlation.
(Slides|Video)
- [Optional] The Web Never Forgets: Persistent Tracking Mechanisms in the Wild.
(Slides)
|
|
Mon 10/14 |
Public Keys
|
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.
(Slides|Video)
- The Million-Key Question — Investigating the Origins of RSA Public Keys.
(Slides|Video)
|
|
Wed 10/16 |
TLS
|
- The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
- The Security Impact of HTTPS Interception.
|
[Deadline] Project Proposal Due 10/16 at 9PM PDT (UTC-7) Sign up for a proposal meeting.
|
Mon 10/21 |
DDoS + Botnets
|
- Inferring Internet Denial-of-Service Activity.
- Understanding the Mirai Botnet.
(Slides|Video)
- [Optional] BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection.
|
|
User + Usable Security |
Wed 10/23 |
Passwords
|
- A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords.
(Slides|Video)
- The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords.
(Slides)
|
|
Mon 10/28 |
User Authentication + Spam
|
- Click Trajectories: End-to-End Analysis of the Spam Value Chain.
- Towards Implicit Visual Memory-Based Authentication.
(Slides|Video)
- [Optional] Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks.
(Slides|Video)
|
|
Wed 10/30 |
Social Engineering
|
- Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale.
(Slides|Video)
- Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis.
(Slides|Video)
|
|
Mon 11/04 |
Security Indicators
|
- Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.
(Slides|Video)
- Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It.
(Slides|Video)
|
[Deadline] Sign up for a research update meeting.
|
Software + Systems Security |
Wed 11/06 |
Memory attacks
|
- The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86).
- SoK: Eternal War in Memory.
|
|
Mon 11/11 |
No class
|
Veterans Day
|
|
Wed 11/13 |
Finding vulnerabilities
|
- Evaluating Fuzz Testing.
(Video)
- Before we knew it: An empirical study of zero-day attacks in the real world.
|
|
Mon 11/18 |
IoT
|
- Security Analysis of Emerging Smart Home Applications.
(Slides|Video)
- SoK: Security Evaluation of Home-Based IoT Deployments.
(Slides|Video)
|
|
Wed 11/20 |
Cyber-Physical Systems
|
- Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
- Comprehensive Experimental Analyses of Automotive Attack Surfaces.
(Video)
- [Optional] Security Analysis of a Full-Body Scanner.
(Slides|Video)
|
[Deadline] (Optional) Sign up for a second research update meeting.
|
Mon 11/25 |
ML-Assisted Programming
|
- Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.
(Video)
- Do Users Write More Insecure Code with AI Assistants?
(Slides)
|
|
Wed 11/27 |
No class
|
Happy Thanksgiving eve!
|
|
Mon 12/02 |
Adversarial Machine Learning
|
- Towards Evaluating the Robustness of Neural Networks.
(Video)
- Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition.
(Video)
- [Optional] Intriguing properties of neural networks.
|
|
Meta Analysis + Wrap up |
Wed 12/04 |
Meta-analysis
|
- Milk or Wine: Does Software Security Improve with Age?
- A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists.
|
|
Finals Week |
Mon 12/09 |
Project Presentations
|
Time/Location TBD
|
[Deadline] Final project report Due 12/11 at 9PM PST (UTC-8)
|